Configure a Citrix ADC VPX instance to use SR-IOV network interfaces

January 25, 2019

Contributed by:
C

You can use the Virtual Machine Manager to configure a Citrix ADC VPX instance running on Linux-KVM to use single root I/O virtualization (SR-IOV) network interfaces with Intel 82599 10G NIC and X710 10G and XL710 40G NICs.

This section describes how to:

Configure a Citrix ADC VPX Instance to Use SR-IOV Network Interface

Configure Static LA/LACP on the SR-IOV Interface

Configure VLAN on the SR-IOV Interface

Limitations

Keep the limitations in mind while using Intel 82599, X710, XL710 NICs. The following features not supported.

Limitations for Intel 82599 NICs:

L2 mode switching

Admin partitioning (shared VLAN mode)

High availability (active-active mode

Jumbo Frames.

IPv6: You can configure only up to 30 unique IPv6 addresses in a VPX instance if you’ve alteast one SR-IOV interface.

VLAN configuration on Hypervisor for SRIOV VF interface through “ip link” command is not supported.

Interface parameter configurations such as speed, duplex, and autonegotiations are not supported.

Limitations for X710 10G and XL710 40G NICs:

L2 mode switching.

In a cluster, Jumbo Frames are not supported when the XL710 NIC is used as a data interface.

Interface list re-orders when interfaces are disconnected and reconnected.

Interface parameter configurations such as speed, duplex, and auto negotiations are not supported.

Interface name is 40/X for both XL710 and X710 NICs

Up to 16 Intel XL710/X710 SRIOV or PCI Passthrough interfaces can be supported on a VPX instance.

Note: For IPv6 to work with X710 10G and XL710 40G NICs, you need to enable trust mode on the Virtual Functions (VFs) by typing the following command on the KVM host:

# ip link set <PNIC> <VF> trust on

For example:

# ip link set ens785f1 vf 0 trust on

Prerequisites

Before you configure a Citrix ADC VPX instance to use SR-IOV network interfaces, complete the following prerequisite tasks. See the NIC column for details about about how to complete the corresponding tasks.

Task

82599 NIC

X710 and XL710 NICs

1. Add the NIC to the KVM host.

-

-

2. Download and install the latest Intel driver.

IXGBE driver

I40E driver

3. Blacklist the driver on the KVM host.

Add the following entry in the /etc/modprobe.d/blacklist.conf file: blacklist ixgbevf. Use IXGBE driver version 4.3.15 (recommended).

Add the following entry in the /etc/modprobe.d/blacklist.conf file: blacklist i40evf.Use i40e driver version 2.0.26 (recommended).

4.Enable SR-IOV Virtual Functions (VFs) on the KVM host. In both the commands in the next two columns: number_of_VFs =the number of Virtual VFs that you want to create. device_name =the interface name.

If you are using earlier version of kernel 3.8, then add the following entry to the /etc/modprobe.d/ixgbe file and restart the KVM host: *options ixgbe max_vfs=*.If you are using kernel 3.8 version or later, create VFs using the following command: *echo > /sys/class/net//device/sriov_numvfs*. See example in figure 1.

If you are using earlier version of kernel 3.8, then add the following entry to the /etc/modprobe.d/i40e.conf file and restart the KVM host:*options i40e max_vfs=*.If you are using kernel 3.8 version or later, create VFs using the following command: *echo > /sys/class/net//device/sriov_numvfs*.See example in figure 2.

5. Make the VFs persistent by adding the commands that you used to create VFs, to the rc.local file.

See example in figure 3.

See example in figure 3.

Important

When you are create the SR-IOV VFs, ensure that you do not assign MAC addresses to the VFs.

Configure a Citrix ADC VPX instance to use SR-IOV network interface

To configure Citrix ADC VPX instance to use SR-IOV network interface by using Virtual Machine Manager, complete these steps:

1. Power off the Citrix ADC VPX instance.

2. Select the Citrix ADC VPX instance and then select Open.

1. In the <virtual_machine on KVM> window, select the i icon.

1. Select Add Hardware.

5. In the Add New Virtual Hardware dialog box, do the following:

a. Select PCI Host Device.
b. In the Host Device section, select the VF you have created and click Finish.

Figure 4:VF for 82599 10G NIC

Figure 5: VF for XL710 NIC

6. Repeat Step 4 and 5 to add the VFs that you have created.
7. Power on the Citrix ADC VPX instance.
8. After the Citrix ADC VPX instance powers on, use the following command to verify the configuration:

> show interface summary

The output shows all the interfaces that you configured.

Figure 6: output summary for 82599.

Figure 7. Output summary for X710 and XL710 NICs.

Configure static LA/LACP on the SR-IOV interface

Important

When you are creating the SR-IOV VFs, ensure that you do not assign MAC addresses to the VFs.

To use the SR-IOV VFs in link aggregation mode, disable spoof checking for VFs that you have created. On the KVM host, use the following command to disable spoof checking:

*ip link set \<interface\_name\> vf \<VF\_id\> spoofchk off*

Where:

Interface_name – is the interface name.

VF_id – is the Virtual Function id.

For example:

After you disable spoof checking for all the VFs that you have created. Restart the Citrix ADC VPX instance and configure link aggregation. For detailed instructions, see Configuring Link Aggregation.

Configuring VLAN on the SR-IOV Interface

Ensure that the KVM host does not contain VLAN settings for the VF interface.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.